Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

159,159 advisories

Loading
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-48968 was published May 27, 2026
A use of get request method with sensitive query strings vulnerability in volume encryption of... Moderate Unreviewed
CVE-2026-2237 was published May 27, 2026
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local... Moderate Unreviewed
CVE-2025-66593 was published May 27, 2026
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1... Moderate Unreviewed
CVE-2025-66592 was published May 27, 2026
Improper neutralization of input during web page generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-10466 was published May 27, 2026
Improper neutralization of input during web page generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-13167 was published May 27, 2026
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows... Moderate Unreviewed
CVE-2025-13593 was published May 27, 2026
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in... Moderate Unreviewed
CVE-2026-40822 was published May 27, 2026
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in... Moderate Unreviewed
CVE-2026-40821 was published May 27, 2026
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in... Moderate Unreviewed
CVE-2026-40826 was published May 27, 2026
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log... Moderate Unreviewed
CVE-2026-41704 was published May 27, 2026
When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is... Moderate Unreviewed
CVE-2026-41009 was published May 27, 2026
Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's... Moderate Unreviewed
CVE-2026-49001 was published May 27, 2026
Files or directories accessible to external parties vulnerability in redis-server component in... Moderate Unreviewed
CVE-2024-11399 was published May 27, 2026
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based... Moderate Unreviewed
CVE-2026-7618 was published May 27, 2026
The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2026-8042 was published May 27, 2026
The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions... Moderate Unreviewed
CVE-2026-8906 was published May 27, 2026
The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all... Moderate Unreviewed
CVE-2026-8942 was published May 27, 2026
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology... Moderate Unreviewed
CVE-2024-47271 was published May 27, 2026
Cleartext transmission of sensitive information vulnerability in Export Key functionality in... Moderate Unreviewed
CVE-2024-47269 was published May 27, 2026
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station... Moderate Unreviewed
CVE-2024-47268 was published May 27, 2026
The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's'... Moderate Unreviewed
CVE-2026-3001 was published May 27, 2026
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification... Moderate Unreviewed
CVE-2026-3279 was published May 27, 2026
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross... Moderate Unreviewed
CVE-2026-3895 was published May 27, 2026
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-3897 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database